To improve security, you can replace the VMCA-signed certificates on the vCenter Server system and on the ESXi hosts with certificates that are signed by an enterprise or third-party CA. However, certain communications with Linux clients might still be vulnerable to man-in-the-middle attacks. The following components are vulnerable when they run on the Linux operating system.

• vCLI commands
• vSphere SDK for Perl scripts
• Programs that are written using the vSphere Web Services SDK

You can relax the restriction against using Linux clients if you enforce proper controls.

• Restrict management network access to authorized systems only.
• Use firewalls to ensure that only authorized hosts are allowed to access vCenter Server.
• Use jump-box systems to ensure that Linux clients are behind the jump.